def kms_reencrypt_noncompliant()

in src/python/detectors/aws_kms_reencryption/aws_kms_reencryption.py [0:0]

• 12 lines of code
• 1 McCabe index (conditional complexity)

def kms_reencrypt_noncompliant():
    import boto3
    import base64
    client = boto3.client('kms')
    plaintext = client.decrypt(
        CiphertextBlob=bytes(base64.b64decode("secret"))
    )
    # Noncompliant: decrypt is immediately followed by encrypt.
    response = client.encrypt(
        KeyId='string',
        Plaintext=plaintext
    )
    return response